Innovative security software is being tested in Europe.
IBM researchers in Zurich, Switzerland, have developed novel worm-squashing software the company says it wants to turn into a product to help guard against computer-network attacks such as those that slowed Internet traffic earlier this month.
For the last few months, a PC loaded with the new software, code-named Billy Goat, has kept watch over IBM's corporate network from the company's large research lab outside Zurich. The system uses a unique approach to detecting malicious software by looking at traffic flowing to Internet addresses that aren't assigned to specific computers, trying to isolate computers on a network that attempt to infect others. IBM is also testing the system at Bluewin, the Internet service provider unit of Swisscom AG, the Swiss national telephone company.
The software could cut down on the number of false alarms generated by commercial intrusion-detection software that tries to analyze the behavior of traffic on computer networks, says Andreas Wespi, a manager in IBM's Global Security Analysis Lab in Zurich. "Worms are spreading so quickly in the first place that only a behavior-based approach has a chance to detect them," he says. The Slammer worm that wreaked havoc on the Internet in January spread around the world within 15 minutes of release. The Sobig worm released this month also spread rapidly.
To be sure, several companies have developed software products that analyze networks' behavior to ward off new attacks, in addition to dectecting the "signatures" of documented viruses and worms. Cisco Systems in January bought Okena Inc., a maker of behavior-based intrusion-detection tools. Network Associates has acquired technology in the area as well.
IBM says its prototype combines the strength of analyzing traffic directed at IP addresses assigned to computers on a network with the ability to look at the unassigned addresses worms also target. It also can sniff out the signatures of known attacks. By testing the software at a large ISP, IBM can collect more data on worm traffic and help decide how to bring Billy Goat to market, says Adrian Schlund, a manager at IBM Global Services. "We have quite a big business potential for Billy Goat," he says. The company is considering bringing the technology to market in its Tivoli software products, or as part of a security service sold to companies by IBM.
Every little bit could help at a company that's had difficulty commercializing technology from its security labs, says John Pescatore, an analyst at market research company Gartner. "There's definitely room for improvement in intrusion detection," he says. Companies need systems with faster response times, and fewer false alarms. "If IBM is doing stuff that can run at the [ISP] level, that's where we need the help."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.